2/19/2004 - Atmel® Corporation introduced its AT97SC3202 - Trusted Platform Module (TPM) to support Trusted Computing Group (TCG) Standard 1.2. The new security processor is a single-chip security subsystem that protects the end user's privacy by providing tamper-proof storage and management of the user's identity, passwords and encryption keys. Atmel is the world leader in the TPM security processor market with 95% market share and has sold over 5 million (TCG 1.1-compliant) TPMs since 1998.
In order to shorten time to market, Atmel's TPM version 1.2 development boards are currently being shipped to key chip-set and operating systems manufacturers, who are working to achieve early hardware compliance with final TPM 1.2 system level software specifications timed for later this year. When installed in a personal computer, the AT97S3202 can help to prevent Internet fraud, identity theft, email-born viruses like the recent MyDoom, and spoofing or phishing scams such as those perpetrated on Best BuyTM and PayPal® customers, last summer. The TPM also records and stores measurements of the state of the system at boot up that can be used to help detect viruses or worms that affect the boot-up process. The TPM thwarts hackers by restricting access to data (e.g., passwords) to specific stages of the boot process.
Device Architecture - Atmel's AT97SC3202 TPM supports all TCG 1.2 enhancements and provides a complete, turnkey hardware security solution that integrates a high-performance, low-power, RISC processor; 2048-bit RSA sign crypto-accelerator; hardware SHA-1 hash engine; a true random number generator; 32 platform configuration registers (PCRs); a secure EEPROM, SRAM, timer, real-time clock, LPC interface to Intel and AMD processors, two-wire serial interface for embedded applications; and tamper prevention circuitry that detects any attempts to read the chip's contents. Other tamper proof features include metal shield layers above the active circuitry, encrypted internal busses, high-security test procedures, and defenses against timing and power supply attacks.
Atmel's TPMs include drivers for LinuxTM and for Windows® 98, 2000, XP, and NT 4.0 operating systems, as well as MAD and MPD BIOS drivers.
TCG 1.1 - TCG 1.1 specification features of Atmel's first generation TPM, AT97SC3201 include: 1) on-chip asymmetrical key pair generation (up to 2048 bit key length) using a hardware random number generator, public key signature, and decryption to enable secure storage of data and digital secrets; 2) storage of hashes (unique numbers calculated from pre-runtime configuration information) that enable verifiable attestation of the machine configuration when booted and prevent data from being accessed unless the machine is in a pre-specified state; 3) an endorsement key that can be used to establish secure, anonymous identity keys that can be trusted to have been generated and stored on a real TPM; and 4) initialization and management functions that allow the owner to turn TPM functionality on and off, reset the chip, and take ownership of its functions. These features are supported by the new TCG 1.2 processor as well.
TCG 1.2 Enhancements - Atmel's new AT97SC3202 security processor supports all TCG 1.2 enhancements, including transport sessions, a real-time clock, locality, save and restore context, direct anonymous attestation, nonvolatile store and delegation, as described below.
Transport sessions allow the user to certify that the AT97SC3202 has executed certain commands (encryption, decryption, key generation, etc.), and to encrypt commands that are sent to the device. Transport sessions might be useful, for instance, to let the IT department know that the user has backed up his/her keys or properly configured the TPM on a notebook.
The on-chip real-time clock allows the date and time to be included as part of a digital signature. The feature is applicable to electronically transmitted contracts, warranties, purchase agreements, or any document that is time-sensitive.
Locality supports advanced security capabilities of specially designed microprocessors and/or system chips.
Save and restore context allows the AT97SC3202's execution thread to be interrupted for the execution of another thread, and then resumed. Version 1.1 TPMs must complete execution of any authorization session before starting another. Save and restore context allows the most important processes to preempt less time-sensitive processes and improve performance.
Direct anonymous attestation (DAA) allows the TPM to create Internet ID cards, called certificates that are used for digital signatures. Currently certificates must be purchased from third parties, such as Verisign. This feature protects the user's privacy.
Nonvolatile store allows sensitive data that is currently stored on the system hard drive to be stored on the TPM chip, ensuring that this data is available during boot-up and protecting it from hard disk erasures.
Delegation allows the owner of the TPM to selectively permit other entities to perform specified functions on the TPM that would otherwise require the presence of the owner. For example, generating an identity key. It also permits users to temporarily give a third party the ability to use any key, to generate a digital signature, for example.
Price and Availability - AT97SC3202 TPM development boards are available now. Production samples will be available in April 2004, in a 28-lead TSSOP package, priced at $4.00 in quantities of 10,000.
The Trusted Computing Group (TCG) is an open, industry standards organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications enable more secure computing environments without compromising functional integrity, privacy, or individual rights. The primary goal is to help users protect their information assets (data, passwords, keys, etc.) from compromise due to external software attack and physical theft. For more information, go to www.trustedcomputinggroup.org.
Founded in 1984, Atmel Corporation is headquartered in San Jose, California with manufacturing facilities in North America and Europe. Atmel designs, manufactures and markets worldwide, advanced logic, mixed-signal, nonvolatile memory and RF semiconductors. Atmel is also a leading provider of system-level integration semiconductor solutions using CMOS, BiCMOS, SiGe, and high-voltage BCDMOS process technologies.
Atmel® is a registered trademark of Atmel Corporation. Best Buy is a trademark of Best Buy Co., Inc. PayPal is a registered trademark of PayPal, an eBay Company. Linux is a trademark of Linus Torvalds. Windows, Windows 98, 2000, XP, and NT 4.0 are either registered trademark or trademarks of Microsoft Corporation.
Atmel's product information may be retrieved at www.atmel.com/products/Embedded/
Previous Page | News by Category | News Search
If you found this page useful, bookmark and share it on: